Network Associates warns of 'phishing' threat

The number of 'phishing' incidents (internet scams involving the theft of financial information) is on the rise, according to IT security firm Network Associates.

The number of 'phishing' incidents (internet scams involving the theft of financial information) is on the rise across the globe, according to IT security firm Network Associates. "We have noticed a substantial rise in incidents of phishing, or Internet scams involving theft of financial information," said Patrick Hayati, regional director of Network Associates in the Middle East. Phishing refers specifically to financial fraud scams. According to Network Associates, these often use spam to persuade enterprise users and consumers to give over private financial information such as passwords and PIN numbers. Common phishing scams use junk email messages containing links to dangerous Web sites or instead ask the recipient of spam to download a file that could contain a virus or trojan. In announcing this latest security concern, Network Associates cited the 'Phishing Attack Trends Report', recently published by the Anti-phishing Working Group (APWG), which stated that phishing attacks are increasing rapidly. It claimed that 176 unique new phishing attacks were reported in January 2004, amounting to 5.7 new attacks per day - a 52% increase over December 2003. Network Associates claims it is currently devising a strategy to help consumers and companies in the Middle East combat this growing threat. The firm’s technology research division, McAfee Research, recently published 'Anti-Phishing: Best Practices for Institutions and Consumers', a white paper available on Symantec's web site that outlines anti-phishing attacks and what McAfee reckons are the best ways to minimise the impact of attacks on institutions and consumers. Unsurprisingly, as a developer of security software solutions McAfee recommends that users install a strong gateway anti-virus scanning device that can filter and block known phishing sites. "Phishing uses a combination of technical means and social engineering to get consumers to trust fraudsters with private financial information that can be later misused," said Hayati. "The phisher’s techniques usually involve fraudulent email and Web sites that impersonate both legitimate email and Web sites. The most effective way to combat this problem is to arm consumers with information on how to watch out for this 'phishing' trap." Hayati claimed that Middle East users are especially vulnerable to phishing, partly because countries in the region have some of the highest per capital income figures in the world, making them attractive to fraudsters, and partly due to IT awareness in the region not yet being highly developed: "A majority of the population has only recently converted to Internet usage and thus many not be familiar with the anti-virus, content filtering and anti-spam solutions available," said Hayati. Network Associates' announcement is the latest in a long line of recent warnings by security experts. Only last week the Computing Technology Industry Association (CompTIA) warned that human error is still the main cause of security issues. A few days previously security firms issued a warning that more variants on the Bagle and Netsky worms were spreading. A recent Windows Middle East feature covering current security threats and the best ways users can protect themselves found that security experts across the region all agree on some crucial security tips, namely that users should install, use and regularly update anti-virus software, should never reply to any type of spam, and should not, under any circumstances, open e-mail attachments that they have not been expecting (even if these are from a trusted friend or colleague).